p.exe

Status: finished
Submission Time: 2025-02-08 10:55:22 +01:00
Malicious
Trojan
Spyware
Evader
MeshAgent

Tags

  • al3b-duckdns-org
  • exe

Details

  • Analysis ID: 1610061
  • API (Web) ID: 1610061
  • Analysis Started: 2025-02-08 10:55:23 +01:00
  • Analysis Finished: 2025-02-08 11:13:14 +01:00
  • MD5: ef49068784d28ce24e93fe5db5b89515
  • SHA1: efc2130707c28a88e47a6e30e72fe5178d68c9db
  • SHA256: ba25f8ebac2b55cc744c226010fa3c4422dd77d8aeee495d203715abe8553b27

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 96
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 19/71
malicious
Score: 6/38

IPs

IP Country Detection
20.101.57.9 United States
154.255.216.218 Algeria

Domains

Name IP Detection
al3b.duckdns.org 154.255.216.218
twc.trafficmanager.net 20.101.57.9
time.windows.com 0.0.0.0

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
PE32 executable (console) Intel 80386, for MS Windows